| |
| =pod |
| |
| =head1 NAME |
| |
| openssl - OpenSSL command line tool |
| |
| =head1 SYNOPSIS |
| |
| B<openssl> |
| I<command> |
| [ I<command_opts> ] |
| [ I<command_args> ] |
| |
| =head1 DESCRIPTION |
| |
| OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL |
| v2/v3) and Transport Layer Security (TLS v1) network protocols and related |
| cryptography standards required by them. |
| |
| The B<openssl> program is a command line tool for using the various |
| cryptography functions of OpenSSL's B<crypto> library from the shell. |
| It can be used for |
| |
| o Creation of RSA, DH and DSA key parameters |
| o Creation of X.509 certificates, CSRs and CRLs |
| o Calculation of Message Digests |
| o Encryption and Decryption with Ciphers |
| o SSL/TLS Client and Server Tests |
| |
| =head1 COMMAND SUMMARY |
| |
| The B<openssl> program provides a rich variety of commands (I<command> in the |
| SYNOPSIS above), each of which often has a wealth of options and arguments |
| (I<command_opts> and I<command_args> in the SYNOPSIS). |
| |
| =head2 STANDARD COMMANDS |
| |
| =over 10 |
| |
| =item B<asn1parse> |
| |
| Parse an ASN.1 sequence. |
| |
| =item B<ca> |
| |
| Certificate Authority (CA) Management. |
| |
| =item B<ciphers> |
| |
| Cipher Suite Description Determination. |
| |
| =item B<crl> |
| |
| Certificate Revokation List (CRL) Management. |
| |
| =item B<crl2pkcs7> |
| |
| CRL2 to PKCS#7 Conversion. |
| |
| =item B<dgst> |
| |
| Message Digest Calculation. |
| |
| =item B<dh> |
| |
| Diffie-Hellman Data Management. |
| |
| =item B<dsa> |
| |
| DSA Data Management. |
| |
| =item B<dsaparam> |
| |
| DSA Parameter Generation. |
| |
| =item B<enc> |
| |
| Encoding with Ciphers. |
| |
| =item B<errstr> |
| |
| Error Number to Error String Conversion. |
| |
| =item B<gendh> |
| |
| Generation of Diffie-Hellman Parameters. |
| |
| =item B<gendsa> |
| |
| Generation of DSA Parameters. |
| |
| =item B<genrsa> |
| |
| Generation of RSA Parameters. |
| |
| =item B<pkcs7> |
| |
| PKCS#7 Data Management. |
| |
| =item B<req> |
| |
| X.509 Certificate Signing Request (CSR) Management. |
| |
| =item B<rsa> |
| |
| RSA Data Management. |
| |
| =item B<s_client> |
| |
| This implements a generic SSL/TLS client which can establish a transparent |
| connection to a remote server speaking SSL/TLS. It's intended for testing |
| purposes only and provides only rudimentary interface functionality but |
| internally uses mostly all functionality of the OpenSSL B<ssl> library. |
| |
| =item B<s_server> |
| |
| This implements a generic SSL/TLS server which accepts connections from remote |
| clients speaking SSL/TLS. It's intended for testing purposes only and provides |
| only rudimentary interface functionality but internally uses mostly all |
| functionality of the OpenSSL B<ssl> library. It provides both an own command |
| line oriented protocol for testing SSL functions and a simple HTTP response |
| facility to emulate an SSL/TLS-aware webserver. |
| |
| =item B<s_time> |
| |
| SSL Connection Timer. |
| |
| =item B<sess_id> |
| |
| SSL Session Data Management. |
| |
| =item B<speed> |
| |
| Algorithm Speed Measurement. |
| |
| =item B<verify> |
| |
| X.509 Certificate Verification. |
| |
| =item B<version> |
| |
| OpenSSL Version Information. |
| |
| =item B<x509> |
| |
| X.509 Certificate Data Management. |
| |
| =back |
| |
| =head2 MESSAGE DIGEST COMMANDS |
| |
| =over 10 |
| |
| =item B<md2> |
| |
| MD2 Digest |
| |
| =item B<md5> |
| |
| MD5 Digest |
| |
| =item B<mdc2> |
| |
| MDC2 Digest |
| |
| =item B<rmd160> |
| |
| RMD-160 Digest |
| |
| =item B<sha> |
| |
| SHA Digest |
| |
| =item B<sha1> |
| |
| SHA-1 Digest |
| |
| =back |
| |
| =head2 ENCODING AND CIPHER COMMANDS |
| |
| =over 10 |
| |
| =item B<base64> |
| |
| Base64 Encoding |
| |
| =item B<bf bf-cbc bf-cfb bf-ecb bf-ofb> |
| |
| Blowfish Cipher |
| |
| =item B<cast cast-cbc> |
| |
| CAST Cipher |
| |
| =item B<cast5-cbc cast5-cfb cast5-ecb cast5-ofb> |
| |
| CAST5 Cipher |
| |
| =item B<des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb> |
| |
| DES Cipher |
| |
| =item B<des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb> |
| |
| Triple-DES Cipher |
| |
| =item B<idea idea-cbc idea-cfb idea-ecb idea-ofb> |
| |
| IDEA Cipher |
| |
| =item B<rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb> |
| |
| RC2 Cipher |
| |
| =item B<rc4> |
| |
| RC4 Cipher |
| |
| =item B<rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb> |
| |
| RC5 Cipher |
| |
| =back |
| |
| =head1 DETAILED COMMAND DESCRIPTION |
| |
| The following is a detailed description of every B<openssl> I<command>. |
| |
| =over 4 |
| |
| =item B<openssl> B<s_client> |
| [B<-connect> I<host>B<:>I<port>] |
| [B<-verify> I<arg>] |
| [B<-cert> I<arg>] |
| [B<-key> I<arg>] |
| [B<-CApath> I<arg>] |
| [B<-CAfile> I<arg>] |
| [B<-reconnect>] |
| [B<-pause>] |
| [B<-debug>] |
| [B<-nbio_test>] |
| [B<-state>] |
| [B<-nbio>] |
| [B<-quiet>] |
| [B<-ssl2>] |
| [B<-ssl3>] |
| [B<-tls1>] |
| [B<-no_ssl2>] |
| [B<-no_ssl3>] |
| [B<-no_tls1>] |
| [B<-bugs>] |
| [B<-cipher>] |
| |
| The B<s_client> command implements a generic SSL/TLS client which can |
| establish a transparent connection to a remote I<host> and I<port> speaking |
| SSL/TLS. |
| |
| =item B<openssl> B<s_server> |
| [B<-accept> I<port>] |
| [B<-verify> I<arg>] |
| [B<-Verify> I<arg>] |
| [B<-cert> I<arg>] |
| [B<-key> I<arg>] |
| [B<-nbio>] |
| [B<-nbio_test>] |
| [B<-debug>] |
| [B<-state>] |
| [B<-CApath> I<arg>] |
| [B<-CAfile> I<arg>] |
| [B<-nocert>] |
| [B<-cipher> I<arg>] |
| [B<-quiet>] |
| [B<-no_tmp_rsa>] |
| [B<-ssl2>] |
| [B<-ssl3>] |
| [B<-tls1>] |
| [B<-no_ssl2>] |
| [B<-no_ssl3>] |
| [B<-no_tls1>] |
| [B<-bugs>] |
| [B<-www>] |
| [B<-WWW>] |
| |
| The B<s_server> command implements a generic SSL/TLS server which accepts |
| connections from remote clients on I<port> speaking SSL/TLS. |
| |
| =back |
| |
| ... |
| |
| =head1 SEE ALSO |
| |
| crypto(3), ssl(3) |
| |
| =head1 HISTORY |
| |
| The openssl(3) document appeared in OpenSSL 0.9.2 |
| |
| =cut |
| |
